overlayfs: fs on './file0' does not support file handles, falling back to index=off.
nla_parse: 2 callbacks suppressed
netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.2'.
FAT-fs (loop5): bogus number of reserved sectors
======================================================
WARNING: possible circular locking dependency detected
4.14.295-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.4/10753 is trying to acquire lock:
 (&ovl_i_mutex_dir_key[depth]){++++}, at: [] inode_lock_shared include/linux/fs.h:729 [inline]
 (&ovl_i_mutex_dir_key[depth]){++++}, at: [] lookup_slow+0x129/0x400 fs/namei.c:1674
FAT-fs (loop5): Can't find a valid FAT filesystem

but task is already holding lock:
 (&oi->lock){+.+.}, at: [] ovl_nlink_start+0x22f/0x460 fs/overlayfs/util.c:523

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&oi->lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       ovl_copy_up_start+0x40/0xe0 fs/overlayfs/util.c:318
       ovl_copy_up_one+0x21f/0x910 fs/overlayfs/copy_up.c:631
       ovl_copy_up_flags+0xd5/0x120 fs/overlayfs/copy_up.c:686
       ovl_rename+0x164/0xe50 fs/overlayfs/dir.c:939
       vfs_rename+0x560/0x1820 fs/namei.c:4498
       SYSC_renameat2 fs/namei.c:4646 [inline]
       SyS_renameat2+0x95b/0xad0 fs/namei.c:4535
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #1 (sb_writers#3){.+.+}:
       percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
       percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
       __sb_start_write+0x64/0x260 fs/super.c:1342
       sb_start_write include/linux/fs.h:1551 [inline]
       mnt_want_write+0x3a/0xb0 fs/namespace.c:386
       ovl_xattr_set+0x4d/0x290 fs/overlayfs/inode.c:214
       __vfs_setxattr+0xdc/0x130 fs/xattr.c:150
       __vfs_setxattr_noperm+0xfd/0x3d0 fs/xattr.c:181
       __vfs_setxattr_locked+0x14d/0x250 fs/xattr.c:239
       vfs_setxattr+0xcf/0x230 fs/xattr.c:256
       setxattr+0x1a9/0x300 fs/xattr.c:523
       path_setxattr+0x118/0x130 fs/xattr.c:542
       SYSC_lsetxattr fs/xattr.c:564 [inline]
       SyS_lsetxattr+0x33/0x40 fs/xattr.c:560
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #0 (&ovl_i_mutex_dir_key[depth]){++++}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       down_read+0x36/0x80 kernel/locking/rwsem.c:24
       inode_lock_shared include/linux/fs.h:729 [inline]
       lookup_slow+0x129/0x400 fs/namei.c:1674
       lookup_one_len_unlocked+0x3a0/0x410 fs/namei.c:2595
       ovl_lower_positive+0x184/0x350 fs/overlayfs/namei.c:783
       ovl_rename+0x47c/0xe50 fs/overlayfs/dir.c:968
       vfs_rename+0x560/0x1820 fs/namei.c:4498
       SYSC_renameat2 fs/namei.c:4646 [inline]
       SyS_renameat2+0x95b/0xad0 fs/namei.c:4535
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

other info that might help us debug this:

Chain exists of:
  &ovl_i_mutex_dir_key[depth] --> sb_writers#3 --> &oi->lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&oi->lock);
                               lock(sb_writers#3);
                               lock(&oi->lock);
  lock(&ovl_i_mutex_dir_key[depth]);

 *** DEADLOCK ***

6 locks held by syz-executor.4/10753:
 #0:  (sb_writers#13){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
 #0:  (sb_writers#13){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
 #1:  (&ovl_i_mutex_dir_key[depth]#2/1){+.+.}, at: [] inode_lock_nested include/linux/fs.h:754 [inline]
 #1:  (&ovl_i_mutex_dir_key[depth]#2/1){+.+.}, at: [] lock_rename+0x225/0x280 fs/namei.c:2885
 #2:  (&ovl_i_mutex_key[depth]){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
 #2:  (&ovl_i_mutex_key[depth]){+.+.}, at: [] lock_two_nondirectories+0xca/0xf0 fs/inode.c:990
 #3:  (&ovl_i_mutex_key[depth]/4){+.+.}, at: [] inode_lock_nested include/linux/fs.h:754 [inline]
 #3:  (&ovl_i_mutex_key[depth]/4){+.+.}, at: [] lock_two_nondirectories+0xb2/0xf0 fs/inode.c:992
 #4:  (sb_writers#3){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
 #4:  (sb_writers#3){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
 #5:  (&oi->lock){+.+.}, at: [] ovl_nlink_start+0x22f/0x460 fs/overlayfs/util.c:523

stack backtrace:
CPU: 0 PID: 10753 Comm: syz-executor.4 Not tainted 4.14.295-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 down_read+0x36/0x80 kernel/locking/rwsem.c:24
 inode_lock_shared include/linux/fs.h:729 [inline]
 lookup_slow+0x129/0x400 fs/namei.c:1674
 lookup_one_len_unlocked+0x3a0/0x410 fs/namei.c:2595
 ovl_lower_positive+0x184/0x350 fs/overlayfs/namei.c:783
 ovl_rename+0x47c/0xe50 fs/overlayfs/dir.c:968
 vfs_rename+0x560/0x1820 fs/namei.c:4498
 SYSC_renameat2 fs/namei.c:4646 [inline]
 SyS_renameat2+0x95b/0xad0 fs/namei.c:4535
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f66aa19d5a9
RSP: 002b:00007f66a8b11168 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
RAX: ffffffffffffffda RBX: 00007f66aa2bef80 RCX: 00007f66aa19d5a9
RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000020000240
RBP: 00007f66aa1f8560 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffefde41aff R14: 00007f66a8b11300 R15: 0000000000022000
FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.2'.
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.2'.
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
netlink: 194488 bytes leftover after parsing attributes in process `syz-executor.2'.
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
audit: type=1800 audit(1664374497.108:20): pid=10769 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor.3" name="/" dev="loop3" ino=3 res=0
new mount options do not match the existing superblock, will be ignored
FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
syz-executor.5 uses obsolete (PF_INET,SOCK_PACKET)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
new mount options do not match the existing superblock, will be ignored
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
audit: type=1800 audit(1664374497.489:21): pid=10841 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor.3" name="/" dev="loop3" ino=4 res=0
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
new mount options do not match the existing superblock, will be ignored
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
new mount options do not match the existing superblock, will be ignored
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
new mount options do not match the existing superblock, will be ignored
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start f8000000)
audit: type=1800 audit(1664374497.859:22): pid=10897 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor.3" name="/" dev="loop3" ino=5 res=0
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
======================================================
WARNING: the mand mount option is being deprecated and
         will be removed in v5.15!
======================================================
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
EXT4-fs warning (device loop3): ext4_update_dynamic_rev:793: updating to rev 1 because of new feature flag, running e2fsck is recommended
new mount options do not match the existing superblock, will be ignored
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
overlayfs: failed to resolve './file0': -2
overlayfs: failed to resolve './file0': -2
overlayfs: failed to resolve './file0': -2
overlayfs: failed to resolve './file0': -2
print_req_error: I/O error, dev loop16, sector 8
ip_tables: iptables: counters copy to user failed while replacing table
ip_tables: iptables: counters copy to user failed while replacing table
print_req_error: I/O error, dev loop16, sector 8
ip_tables: iptables: counters copy to user failed while replacing table
print_req_error: I/O error, dev loop16, sector 8
ip_tables: iptables: counters copy to user failed while replacing table
print_req_error: I/O error, dev loop16, sector 8